Vulnerability Description
Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a third party researcher that this is related to the storage of passwords and password hashes in cleartext in files with insecure permissions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Vm | 2.2.1 |
References
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514612/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/514612/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA10-287A.htmlUS Government Resource
FAQ
What is CVE-2010-3584?
CVE-2010-3584 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. NOTE: the p...
How severe is CVE-2010-3584?
CVE-2010-3584 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3584?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Vm.